FCC still has ton of explaining to do on Wi-Fi blocking rules

The FCC has been very clear that it didn't approve of a Marriott International hotel's blocking of convention center attendees' Wi-Fi hotspots: It fined the hospitality company $600,000 last fall and issued a stern warning on Jan. 27 that such wireless network interference by others will not be tolerated either. But what remains murky to IT shops and wireless LAN product vendors is exactly what constitutes illegal "Wi-Fi blocking."

But what remains murky to IT shops and wireless LAN product vendors is exactly what constitutes illegal "Wi-Fi blocking":

*One university WLAN/network architect wrote a blog post earlier this month titled "Are WLAN vendors selling illegal jammers?" and sparked an online discussion among peers, who are trying to figure out if the tools they routinely use to contain rogue devices are prohibited. These IT directors are trying to determine if their institutions fall under the umbrella of "commercial establishments" singled out by the FCC in its enforcement warning against certain mitigation techniques. There have been calls by IT pros for industry group lawyers, such as at EDUCAUSE, to help them out.

*A systems engineer for a security company wrote to us asking if private companies those that aren't necessarily providing Wi-Fi access to guests like in the hospitality industry are allowed to block Wi-Fi hotspots. At least two such companies have prevented him from using his AT&T hotspot, which he says relieves him from relying on spotty guest access networks and allows him to use a VPN to access data needed from his own company's network.

* The FCC's Marriott decision and subsequent warning about Wi-Fi blocking have been applauded by many, including the Wireless Innovation Alliance, whose members include Dell, Google and Microsoft. IT pros have indicated some disappointment that their WLAN vendors have not been vocal enough in getting the FCC to clarify its position on Wi-Fi blocking, though vendors such as Aruba, Cisco and Ruckus did file comments with the commission in December seeking clarification on the topic of management and security.

"This issue is riddled with complexity and ambiguity," says David Callisch, VP of marketing at Ruckus Wireless, which filed its comments to the FCC jointly with Aruba Networks. "The FCC should use this as an opportunity to work with the industry to help companies know what are appropriate security measures that can be employed to protect networks operating in unlicensed spectrum without violating the [Communications] Act."

Among other things, Ruckus is urging the FCC not to automatically apply rules established for licensed spectrum to the unlicensed spectrum of Wi-Fi.

Ruckus also believes that the use of de-authentication protocols, "which are 802.11 compliant and common security techniques," do not fall under wireless interference as described in the Communications Act, Callisch says.

Marriott was found to be using such Layer 2 de-authentication protocols to block use of Wi-Fi hot spots some suspect in order to force users to pay for Internet service from the hotel (though the hotel industry calls such claims false). Here's the consent decree from the FCC:

After being fined by the FCC, Marriott said it would work with the commission to "clarify appropriate security measures network operators can take to protect customer data, and will continue to work with the industry and others to find appropriate market solutions that do not involve the blocking of Wi-Fi devices." But Marriott, the American Hotel & Lodging Association and Ryman Hospital Properties withdrew their petition for a declaratory ruling on Jan. 30.

Instead, the hospitality industry will form the American Hotel & Lodging Association Cybersecurity Task Force with industry experts and technology companies "to find and implement the most effective market-based solutions available to tackle growing cyber threats."

Shane Buckley, CEO of WLAN vendor Xirrus, filed comments on Jan. 17 with the FCC in support of the hospitality industry petition, though emphasizes that concerns raised about Wi-Fi management go beyond those organizations in the hospitality industry that provide Wi-Fi services to customers. Xirrus has a big clientele in the education

market, including those that need "G" rated air space, such as libraries and K-12 schools, and argues that they need to be able to apply certain network controls even when it involves unlicensed spectrum. These institutions are making "cries for help" and are "as confused as are the Petitioners [i.e., the hospitality industry]," according to Xirrus, which advocates that de-authentication techniques be allowed.

IT pros like Syracuse University's Lee Badman say they're not sure who to believe on what's allowed in terms of WLAN management and security. He's looking for the FCC to "answer nuanced questions with nuanced answers."

One concern: The "FCC SEEMS to have expanded the definition of jamming," Badman notes, citing the mention of the term in the recent FCC enforcement advisory (The FCC has been aggressive about going after wireless jamming device users and sellers in the past). Badman is slated to speak this week at the WLAN Professionals Conference in Dallas, where the FCC's Wi-Fi blocking rules are sure to be a subject of discussion.

Answers are also being sought by members of the Certified Wireless Network Professionals group on LinkedIn, where an IT consultant named Omar Vazquez from Puerto Rico kicked off a discussion. Frustrated with the FCC, Vazquez wrote on Google+ that the commission's "complete disconnection from reality leaves those of us in the WLAN industry scratching our heads as to what exactly they mean and what we could do to comply without significantly hindering our information security efforts in the process."

Cisco also is seeking answers from the FCC, and filed an extensive 23-page comment with the commission in December. Cisco contends that "unlicensed spectrum generally should be open and available to all who wish to make use of it, but access to unlicensed spectrum resources can and should be balanced against the need to protect networks data and devices from security threats and potentially other limited network management concerns."

Cisco complains that the FCC's interpretation of certain network management security as jamming technology "de-values the use of Wi-Fi in enterprise and service provider environments." A policy statement from the FCC on such matters would make it clearer to network administrators what they're allowed to do from a security and management perspective in an increasingly BYOD world and would enable vendors to better communicate to customers how their products should be used, according to the Cisco comment. Cisco did not have any further comments based on the recent FCC enforcement warning about Wi-Fi blocking.

Aruba Networks, which filed its comments to the FCC jointly with Ruckus, said it is "disappointed that the FCC did not use this opportunity [related to the hospitality industry petition] to clarify what rules govern Wi-Fi, and under what circumstances using Wi-Fi containment technology is allowed."

Our attempts so far to get clarification directly from the FCC's media relations office have been as unsuccessful as of those of vendors and IT pros.

But it's clear the FCC, which has its hands full with everything from new broadband definitions to net neutrality, is going to have to carve out some time to provide the industry with more information on Wi-Fi blocking before long.

Copyright 2016 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.